Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The three commands in which Telnet: NTLM Authentication Protocol messages can be embedded are SEND, IS, and REPLY. The structure of each of these commands is as follows:
IAC SB AUTHENTICATION SEND authentication-type-pair-list IAC SE
IAC SB AUTHENTICATION IS authentication-type-pair <auth data> IAC SE
IAC SB AUTHENTICATION REPLY authentication-type-pair <auth data> IAC SE
The Telnet: NTLM Authentication Protocol specifies the values that the authentication-type-pair-list and the <auth data> fields must be filled with, when the negotiated authentication mechanism is NTLM. That is, the payload of the Telnet: NTLM Authentication Protocol is solely the authentication-type-pair-list field in the case of the SEND command; and the payload consists of the authentication-type-pair and the <auth data> fields in the cases of the IS and REPLY commands.
The following figure illustrates the relationship between SEND commands and a Telnet: NTLM Authentication Protocol packet.
Figure 2: Relationship between SEND commands and Telnet: NTLM Authentication packet
The following figure illustrates the relationship between IS and REPLY commands and a Telnet: NTLM Authentication Protocol packet.
Figure 3: Relationship between IS and REPLY commands and Telnet: NTLM Authentication packet
The message syntax of a Telnet: NTLM Authentication Protocol message depends on the Telnet Authentication Option command (as specified in [RFC2941]) in which it is to be embedded, whether a SEND (section 2.2.1), IS (section 2.2.2), or REPLY (section 2.2.2) command.